From d3e2121d30c70af421100124511a19b1381610d7723a1934ffaad3b6a2380b65 Mon Sep 17 00:00:00 2001
From: Kristyna Streitova <kstreitova@suse.com>
Date: Fri, 15 May 2015 13:11:40 +0000
Subject: [PATCH] Accepting request 306357 from home:guohouzuo:freeipa

CVE-2015-0253

OBS-URL: https://build.opensuse.org/request/show/306357
OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=444
---
 apache2.changes                  |  8 ++++++++
 apache2.spec                     |  2 ++
 httpd-2.4.12-CVE-2015-0253.patch | 24 ++++++++++++++++++++++++
 3 files changed, 34 insertions(+)
 create mode 100644 httpd-2.4.12-CVE-2015-0253.patch

diff --git a/apache2.changes b/apache2.changes
index 5c2e272..559855f 100644
--- a/apache2.changes
+++ b/apache2.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon May 11 13:34:40 UTC 2015 - hguo@suse.com
+
+- SECURITY: CVE-2015-0253 (cve.mitre.org)
+  core: Fix a crash introduced in with ErrorDocument 400 pointing
+  to a local URL-path with the INCLUDES filter active, introduced
+  in 2.4.11. PR 57531. [Yann Ylavic]
+
 -------------------------------------------------------------------
 Tue May  5 12:36:10 UTC 2015 - kstreitova@suse.com
 
diff --git a/apache2.spec b/apache2.spec
index 740df5c..ecc7eb2 100644
--- a/apache2.spec
+++ b/apache2.spec
@@ -126,6 +126,7 @@ Patch109:       httpd-2.4.3-mod_systemd.patch
 Patch111:       httpd-visibility.patch
 # PATCH-FIX-UPSTREAM bnc#918352 kstreitova@suse.com -- fix mod_lua - maliciously crafted websockets PING after a script calls r:wsupgrade() can cause a child process crash
 Patch112:       httpd-2.4.x-mod_lua_websocket_DoS.patch
+Patch113:       httpd-2.4.12-CVE-2015-0253.patch
 BuildRequires:  automake
 BuildRequires:  db-devel
 BuildRequires:  ed
@@ -309,6 +310,7 @@ to administrators of web servers in general.
 %endif
 %patch111 -p1
 %patch112 -p1
+%patch113 -p3
 cat $RPM_SOURCE_DIR/SUSE-NOTICE >> NOTICE
 # install READMEs
 a=$(basename %{SOURCE22})
diff --git a/httpd-2.4.12-CVE-2015-0253.patch b/httpd-2.4.12-CVE-2015-0253.patch
new file mode 100644
index 0000000..388b2ed
--- /dev/null
+++ b/httpd-2.4.12-CVE-2015-0253.patch
@@ -0,0 +1,24 @@
+SECURITY: CVE-2015-0253 (cve.mitre.org)
+core: Fix a crash introduced in with ErrorDocument 400 pointing
+to a local URL-path with the INCLUDES filter active, introduced
+in 2.4.11. PR 57531. [Yann Ylavic]
+--- httpd/httpd/trunk/server/protocol.c	2015/03/05 02:31:42	1664204
++++ httpd/httpd/trunk/server/protocol.c	2015/03/05 02:33:16	1664205
+@@ -606,8 +606,6 @@
+              */
+             if (APR_STATUS_IS_ENOSPC(rv)) {
+                 r->status    = HTTP_REQUEST_URI_TOO_LARGE;
+-                r->proto_num = HTTP_VERSION(1,0);
+-                r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
+             }
+             else if (APR_STATUS_IS_TIMEUP(rv)) {
+                 r->status = HTTP_REQUEST_TIME_OUT;
+@@ -615,6 +613,8 @@
+             else if (APR_STATUS_IS_EINVAL(rv)) {
+                 r->status = HTTP_BAD_REQUEST;
+             }
++            r->proto_num = HTTP_VERSION(1,0);
++            r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
+             return 0;
+         }
+     } while ((len <= 0) && (++num_blank_lines < max_blank_lines));